Public cloud adoption in Canada is rising, but so are the challenges organizations face when it comes to securing public cloud environments such as Amazon Web Services (AWS) and Microsoft Azure, according to Rob Lunney, Canada’s country manager for Palo Alto Networks.
“As more customers invest and move workloads into the public cloud and SaaS applications, the potential exposure of data becomes greater with cloud because the operational functions are different compared to a private network,” said Lunney, adding Google Cloud Platform (GCP) to the list of popular public cloud providers. “The native cloud security tools of any of those platforms, by themselves, are not enough to provide full security if you’re moving workloads between those clouds.”
Compared to other parts of the world, Canada has been slow to adopt public cloud, indicated Lunney, but in recent years, the rate of adoption has picked up significantly. So much so that Palo Alto Networks’ Canadian business is growing at an annual rate of approximately 40-50 per cent, and customers, from enterprises to mid-market businesses, are looking for ways to consolidate their cloud services while keeping sensitive data secure.
“The slowness the Canadian market is known for around technology adoption has aided us,” explained Lunney. “We’re at a point where our capabilities are really coming on stream and we’re able to meet our customers with a full platform of solutions, which is something we might not have been able to do two or three years ago.”
But now that Canada has joined the rest of the world when it comes to mainstream adoption of cloud, it’s also experiencing the same pain points. Fragmented security, manual operations, and human error can cause breaches and slow down application deployments. When data is exposed in cloud storage services such as Amazon S3, it’s often at no fault of Amazon itself, but because of faulty configurations that have left data exposed to the internet. Cloud vendors take responsibility for securing their own infrastructure, and it’s up to their customers to ensure the configurations within those infrastructures are keeping sensitive information secure. Palo Alto Networks’ acquisition of RedLock late 2018 is likely to help on that front. RedLock monitors configurations and warns companies when something is amiss.
Additionally, the chatter around the use of AI and machine learning to secure public cloud environments is promising, said Lunney, but while they have proven to enhance analytics and predictive capabilities, these emerging technologies remain nascent. Lunney suggested that tools which provide customers with greater visibility and control over their applications, and help ensure privacy regulations are met and maintained, will gain much more traction among customers.
According to a McAfee report, the majority of organizations store some or all of their sensitive data in the public cloud, with only 16 per cent stating that no sensitive data is stored in the cloud. The types of data stored are wide-ranging, but personal customer information is by far the most common. More than 60 per cent organizations report storing personal customer information on the public cloud. Approximately 40 per cent of respondents say they store one or more of their internal documentation, payment card information, personal staff data, or government identification data on the public cloud.
Opportunities aplenty for partners
Nine out of 10 companies will have some part of their applications or infrastructure in the cloud by 2019, and the rest expect to follow by 2021, according to IDG’s latest Cloud Computing Survey.
Almost every single one of those companies need help during this process, which is good news for partners, said Lunney.
“Our engagement strategy usually involves us engaging with customers directly with a security conversation. We then have business partners brought in to build the security solutions,” he said. “Almost all, 96 per cent of security revenues generated by Palo Alto Networks is delivered by our business partners.”
Kent MacDonald, senior vice-president of strategic alliances for Long View Systems, described a very similar approach around delivering security to customers.
“Today customers want a conversation,” he said, adding the challenges that come with migrating workloads to the cloud is usually where the conversation begins. “It’s something Long View can leverage our partner community for.”